configuring ADSL routers and how to

Unanswered Question
Mar 2nd, 2007

Hey guys,

What is the correct order if any in which a router should be configured? i.e. do you first do dhcp, lan, ADSL, VPN

Did it really matter? I'm struggling to bring up my VPN tunnel.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Danilo Dy Fri, 03/02/2007 - 04:15

Each has its own order of configuring a router, depends on which is available first. If ADSL link is available before LAN switches arrive - I'll configure ADSL first. But if everything is available, I do it this way.

LAN = Make sure connectivity between switch and router is up first.

DHCP = Second, make sure client can get an IP Address, DNS, WINS, etc.. so that user can start working (i.e. printing, file sharing between vlans, access servers, etc..)

ADSL = Third, make sure the router can connect to internet. NAT, ACL, etc..

VPN = Configure VPN to reach remote networks through internet.

spremkumar Fri, 03/02/2007 - 04:18

Hi Brad

DHCP may not be required in all kinda situations untill unless you really require to have it in your lan.

The main process steps will be configured your lan interface and then your wan interface.

Once the same is being done then you can configure all other features like NAT,VPN,Firewall,IPS etc..,

If you are done wit one step then try to check whether the particular config is successful.

This will definitely help in identifying any lapse in the configs during the checks ..


bradlesliect Fri, 03/02/2007 - 05:57

Each time i try to apply the crypto config, get a msg that it will be disabled until the vaild access list is applied. This gets applied but the VPN session does not start which in turn creates problems.

Do you have a template for crypto?

chadlenox Fri, 03/02/2007 - 10:35

Here's part of my config from one of 877 ADSL routers, showing one of the Site-to-Site tunnels config, which is using a pre-shared key:

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key xxx address x.x.x.x no-xauth

crypto map SDM_CMAP_1 1 ipsec-isakmp

description - Tunnel to xxx

set peer x.x.x.x

set transform-set ESP-3DES-SHA

match address xxx

ip access-list extended xxx

remark - Traffic Protected Through VPN

permit ip

interface Dialer1

crypto map SDM_CMAP_1

spremkumar Sun, 03/04/2007 - 21:00

Hi Brad

As mentioned in the config posted out by other poster you need to have access-list created which actually specifies the interesting traffic to be encrypted..



This Discussion